Implement Web Portal feature.

[nejucomo]

A really simple feature could make Tahoe into a public "web portal". A web portal is a website that presents a given Tahoe directory as it's root url path, for example, these two links would be equivalent:

http://example.website.com/foo/bar.html http://<my tahoe node>/uri/<web portal dir cap>/foo/bar.html

The portal appears like any other website to surfers (aside from headers and performance). The server can run on a system with a tiny disk, and the web site operator need not worry about site backups.

The security implications seem straightforward, given the design of Tahoe.

I haven't looked at the webish code, but I imagine this could be implemented by adding a single configuration setting for the portal dir cap, and then prefixing all URL requests with "/uri/$dircap" before passing the request to the handler.

[warner]

(escaped the urls in the description to fix formatting)

[warner]

Hm, so the way that S3 does this is to look for a HTTP/1.1 Hostname: header and manipulate the URL based upon that. In our case, we could have a config file with lines like:

example.website.com: DIRCAP
other.website.com: DIRCAP

and then the twisted.web resource could switch on the Hostname: header to decide what cap to start with.

Security wise, this would give unbounded read- (or write-, if DIRCAP is RW) access to everything below DIRCAP, which is pretty easy to explain and understand.

Intriguing..

[zooko]

Couldn't this be implemented by using apache and a reverse proxy?

[zooko]

nejucomo wrote a reverse proxy config for nginx for this:

​https://bitbucket.org/nejucomo/lafs-rpg/

I used it (after tweaking it a bit) for zooko.com:

​https://zooko.com/